Lorri Janssen-Anessi, Director of External Cyber Assessments, BlueVoyant
Breakthrough attack patterns of 2024
Several cybersecurity trends stood out in 2024. One thing remains constant, the cybersecurity landscape is ever evolving and complex. Here are a few things that stood out for me.
An increase in creativity and sophistication by cyber threat actors. Artificial Intelligence (AI) has been increasingly leveraged lately by cyber threat actors in phishing attacks, social engineering, automated malware creation, assisting in the sophistication and believability of content, and to help make their tactics more precise and scalable. Along the same line, cyber threat actors continue to use Deepfakes in social media or low-level scams. I would not underestimate this tool. There has been increased believability and sophistication in not only the messaging and content of texts and emails but also in videos. The improvement in this capability has increased enough to fool even advanced security systems. We may see attacks leveraging deepfakes and synthetic identities to infiltrate organisations, resulting in a potential need for new identity verification protocols and anti-synthetic fraud technologies.
An unfortunate trend is the continued shortage of cybersecurity talent. The demand for skilled cybersecurity professionals already outstrips supply, but if this gap grows further, we could see a critical shortfall in the coming years. Organisations could potentially respond by doubling down on automation and AI to fill gaps in threat monitoring and response, or by leaning on managed security service providers, potentially reshaping the industry’s workforce landscape.
How to stay one step ahead of attackers in 2025
One very positive win for 2024 was the downward trend in ransomware. One conclusion behind this trend is that organisations are taking a more defensive and proactive approach to ensuring the security of not only their own organisations but also their third-party supply chains. Supply chains have been and continue to be one of the biggest vectors for ransomware attacks to date. This decrease could also be attributed to overall awareness, and improved incident response programs. Some other contributing factors could be improved network segmentation, controlling user privileges, and general improvements in data backup strategies. Continued vigilance in these areas will keep this trend going in the right direction.
Something that could continue to help is companies vetting suppliers’ cybersecurity practices and programs. These additional requirements could include adding layers of due diligence.
As cyber threats continue to grow more complex and damaging, regulatory bodies around the world have been stepping up enforcement to protect critical infrastructure, personal data, and the global economy. I anticipate that in 2025, the landscape of compliance and regulatory oversight in cybersecurity could shift significantly, with broad implications for businesses, security practices, and the industry overall. Enforcement could become much more aggressive, with substantial penalties for breaches or negligence. Increased legal accountability might surprise organisations, pushing them to adopt comprehensive security standards far beyond current compliance frameworks.
Currently, regulations vary significantly by region, which can be costly and confusing for global companies. By 2025, we may see an effort toward harmonising cybersecurity standards, especially across the EU, U.S., and parts of Asia. This would mean more uniform standards around data protection, incident response, and cross-border data flow security, although companies would still have to meet the most stringent standard in any operating region.
Building on frameworks like the GDPR, more regions could enforce privacy rights, obligating organisations to limit data collection, improve transparency, and seek explicit consent for data use. Companies may face stringent requirements to secure consumer data, notify users of breaches quickly, and demonstrate the minimum collection of personal information.
The cybersecurity landscape is dynamic, and as new technologies evolve, so do the threats and industry responses. Preparedness will likely hinge on proactive adaptation to these emerging and growing risks.
Austin Berglas, Global Head of Professional Services, BlueVoyant
Over-reliance on AI as companies cut personnel and costs
While AI can enhance efficiency and automate routine tasks, it lacks the nuanced understanding and critical thinking that human employees bring to complex decision-making processes. Dependence on AI could lead to a reduction in human oversight, increasing the likelihood of errors and biases in automated systems. As AI systems are only as good as the data they are trained on, they may perpetuate existing biases and inaccuracies, leading to flawed outcomes. Additionally, the reduction in personnel not only impacts employee morale and organisational culture, but also leaves companies vulnerable to cyber threats, as human expertise and adaptability are crucial in identifying and mitigating such risks. Ultimately, the cost savings from reducing personnel may be offset by the potential for costly mistakes and security breaches, underscoring the need for a balanced approach that integrates AI with human expertise.
Better customisation of phishing campaigns
As AI and deepfake technologies advance, phishing campaigns are expected to become increasingly sophisticated and challenging to detect. Cyber criminals are leveraging AI to craft highly personalized phishing emails that mimic legitimate communications, utilising data harvested from social media and other online activities to tailor their messages to individual targets. Deepfake technology, which enables the creation of hyper-realistic audio and video content, further increases this threat by allowing attackers to impersonate trusted individuals with eye-opening accuracy. This technology could result in convincing spear-phishing attacks where victims receive seemingly authentic video or audio messages from colleagues or superiors, prompting them to give up sensitive information or authorise fraudulent transactions. The growing complexity of these phishing campaigns necessitates heightened awareness and advanced security measures, such as AI-driven detection systems and comprehensive employee training programs, to safeguard against increasingly deceptive threats.
Attacks on critical infrastructure will continue to increase
The increasing digitisation and connectivity of critical infrastructure systems, such as power grids, water supply, transportation networks, and healthcare facilities, have made them prime targets for sophisticated cyber threats, posing significant risks to national security and public safety. See the recent activity of advanced threat actors like Volt Typhoon, a cyber espionage group believed to be affiliated with a nation-state, who is known for its ability to infiltrate and persist within critical infrastructure networks using stealthy tactics, such as living-off-the-land techniques, which allow them to avoid detection by conventional security tools. Such capabilities could lead to catastrophic consequences, including service disruptions, economic destabilisation, and threats to human lives. As the world continues to see ongoing, multi-year conflicts, nation states will continue to utilise offensive cyber operations to gain footholds and pre-position tools and capabilities to support the asymmetric battlefield.
Stu Sjouwerman, CEO, KnowBe4
In 2024, the world witnessed cyber threats evolve faster than before primarily due to the rise in the number of and popularity of AI tools. These tools assist cybercriminals in refining and making attack tactics more sophisticated and more difficult to recognise, while it helps cybersecurity professionals defend against attacks more effectively.
AI-enabled tools for cyber defence and attacks will continue to improve
As AI technology advances, both defenders and attackers are taking advantage of its capabilities. On the cybersecurity side, sophisticated AI-powered tools that detect and respond to threats more efficiently are being developed. Capabilities like AI being able to analyse big amounts of data, identify anomalies, and enhance the accuracy of threat detection will be of massive assistance to cybersecurity teams going forward. However, cybercriminals are also adopting AI to create more advanced attack methods. For instance, AI-powered social engineering campaigns that manipulate emotions and target specific vulnerabilities more effectively will make it difficult for individuals to distinguish between real and fake content. As AI capabilities evolve on both sides, the standoff between defenders and attackers intensifies, making constant innovation and adaptation crucial.
Ransomware attacks will remain a problem
Ransomware attacks will continue to be a massive threat due to the collaboration between ransomware gangs and initial access brokers. In a measure to combat this, AI will become a popular tool to monitor networks and individual devices for anomalies like unusual encryption processes. This will greatly reduce the impact of attempted ransomware attacks.
The human factor in cybersecurity will become more of a focus
Organisations will continue to recognise the importance of frequent security awareness training and simulated phishing tests to manage the inherent human risk that exists within it. At the same time, cybercriminals will keep refining their social engineering techniques, making attacks more personalized and effective. Going forward, the challenge will lie in maintaining employee vigilance without causing phishing fatigue. To prevent this, it is important for organisations to focus on making training more adaptive and relevant to employees in order to create better protections and engagement for a positive security culture.
The improvement of deepfake detection technologies
2025 will see deepfake AI detection technologies improve, become more accessible, and more effectively address the growing concern of identifying deepfakes. On the other hand, cybercriminals are also expected to leverage disinformation and deepfakes in their attacks, using them to accelerate extortion, hide other attacks, or damage organisational reputations.
The adoption of a zero-trust mindset and cyber-mindfulness
There will be a wider adoption of a zero-trust mindset and cyber-mindfulness, representing a proactive approach to cybersecurity. Organisations embracing these principles encourage a vigilant attitude among their employees, treating every user and device as a potential threat. Training employees to maintain a healthy level of scepticism encourages them to apply critical thinking skills, and this mindset shift will be another crucial step in mitigating internal risks.
The cybersecurity landscape is rapidly evolving, and the dynamic between defenders and attackers has never been more complex, As we enter 2025, we must embrace the potential of AI to enhance our defences and protect organisations globally. It is more important than ever to focus on the human element in organisations to lower the risk of becoming a victim of cybercrime. One of the best forms of defence remains cultivating a robust security culture.